News

Programmer errors hurting Web services spread

Worst-case scenarios in which ''the teenage hacker from Albania'' breaks into corporate XML Web services are not as likely to be the security problem that disrupts business operations, according to Leon Baranovsky, vice president of marketing at Reactivity Inc., a Belmont, Calif.-based maker of XML firewall technology.

''What we have found from our early customers is that most of the cost associated with securing Web services and XML comes not from the teenage hacker, but from well-intentioned IT professionals,'' he explained.

Like the homeowner who focuses on fireproofing but doesn't notice the small leak that eventually floods his basement, IT departments obsessing about hacker attacks can miss little Web services issues that actually disrupt business, Baranovsky said.

He offered the following example. ''This story comes from a customer of ours who is a manufacturer on the West Coast,'' Baranovsky said. ''An architect with that company was awakened at 4 o'clock in the morning because a design partner on the East Coast had been unable to get a file submitted through a .NET-enabled application. This architect had to get up, get dressed, go in to work and rummage through a bunch of log files to figure out what had gone wrong. It turned out it was something really trivial - their certificate had expired.''

There was no maliciousness in the expiring certificate, he said, it was simply that the system administrators missed it. But the result, beyond sleep deprivation for the West Coast architect, was an unnecessary delay for the East Coast business partner and a bi-coastal loss of productivity, Baranovsky said.

In his view, XML Web services security needs to look beyond putting up firewalls to stop hackers; it needs to focus on more mundane but potentially costly problems, like an expired certificate, that bring transactions to a halt.

Reactivity, which for the past year has offered a software security product, this week announced the release of its Reactivity XML Firewall appliance, which combines software and hardware.

The company is including features, such as an alert when a certificate is due to expire, that are designed to prevent non-malicious and unintentional disruptions of services, Baranovsky said.

For further information, please go to http://www.reactivity.com.

About the Author

Rich Seeley is Web Editor for Campus Technology.